Application #10/848,738 
Amendment dated June 30, 2008 

Amendments to the claims: 

1. (Currently Amended) A method of secure communication between a resource-
constrained device and remote network nodes over a network wherein the
resource-constrained device acts as a standalone network node and the remote
network nodes communicate with the resource-constrained device using un-
modified network clients and servers and wherein the resource-constrained
device has a central processing unit, a random access memory, a non-volatile
memory, a read-only memory, and an input and output component,
comprising:

i. using a physical link selected from one of several physical link
methods;

assigning a network address to the resource-constrained device 
thereby enabling the resource-constrained device to act as a 
standalone network node; 

ii. executing on the resource-constrained device a
communications module implementing networking protocols
and one or more link layer communication protocols,
operable to communicate with a host computer, operable to
communicate with remote network nodes using the
networking protocols and operable to implement network
security protocols thereby setting a security boundary inside
the resource-constrained device;

iii. implementing an execution model, wherein the
communication module is driven by input events and by the
applications and wherein the resource-constrained device
uses at least one optimization technique selected from:
optimized memory usage by sharing data buffers between
one or more communications protocol layers or security
protocol layers;

iv. swapping data from the random access memory to the
non-volatile memory;

v. swapping data from the non-volatile memory to the random
access memory;

vi. sharing data buffers between one or more communications
protocol layers or security protocol layers;

vii. executing on the host computer one or more link layer
communication and networking protocols operable to
communicate with the resource-constrained device and
operable to communicate with the remote network nodes;
and

viii. executing one or more secure network applications on the
resource-constrained device wherein the network
applications call upon the communication module of the
resource-constrained device to communicate with the host
computer or the remote network node using the networking
protocols and network security protocols and wherein the
secure network applications are securely accessible by the
remote network nodes using un-modified network clients
and servers.



2. (ORIGINAL) The method of Claim 1 wherein the physical link is selected 
from the set including full-duplex serial connection, half-duplex serial 
connection, USB connection, contactless radio connection. 

3. (ORIGINAL) The method of Claim 2 wherein the physical link is a full- 
duplex serial connection using the serial peripheral interface protocol. 

4. (ORIGINAL) The method of Claim 1 further comprising connecting an
interface device between the resource constrained device and the host
computer using a physical link that is a serial connection having half-duplex
between the resource constrained device and the interface device and full-
duplex between the interface device and the host computer.



5. (ORIGINAL) The method of Claim 4 further comprising operating the 
interface device to perform a bridging function between the half-duplex 
connection and the full-duplex connection. 

6. (ORIGINAL) The method of Claim 5 wherein the step of performing a
bridging function further comprises providing at least one function selected
from:

i. enabling a resource constrained device operating in a 
command/response mode to communicate with network nodes 
as a peer; 

ii. enabling a resource constrained device operating in half- 
duplex communication mode to handle full-duplex 
communication traffic; 

iii. encapsulating upper layer protocol frames; 

iv. enabling transportation of upper layer protocol frames 
exceeding a frame size limit of the lower link layer; and 

v. supporting multiple logical connections of upper layer
protocols. 



7. (ORIGINAL) The method of Claim 4 of operating a software module on the 
interface device according to a finite state machine permitting the interface 
device to forward messages between the resource constrained device and the 
network wherein the interface device is in one of the at least one states 
permitting the resource constrained device to initiate and send messages.

8. (ORIGINAL) The method of Claim 7 wherein the at least one state is selected
from a set of states corresponding to the interface device transmitting a Send, a 
Put, and a Poll command, respectively. 

9. (ORIGINAL) The method of Claim 4 of operating a software module on the 
host computer according to a finite state machine having at least one state 
permitting the resource constrained device to transmit messages to the network 
wherein the software module is in one of the at least one states permitting the 
resource constrained device to initiate and send messages. 

10. (currently amended) The method of Claim 9 wherein the at least one state 
permitting the resource constrained device to transmit messages to the network 
is selected from a set of states corresponding to the interface device 
transmitting a Send, a Put, and a Poll command, respectively. 



11. (ORIGINAL) The method of Claim 9 comprising the step of operating the
resource constrained device according to a finite state machine having at least 
one state in which the resource constrained device waits for a message from 
the host computer indicating that the resource constrained device may transmit 
a message. 

12. (ORIGINAL) The method of Claim 4 further comprising:

i. operating the resource constrained device according to a finite 
state machine whereby the resource constrained device uses 
the response status at the end of the response to the command 
sent by the host computer or an intermediate device to indicate 
that the resource constrained device wants to transmit 
information to the host computer or to the network. 

13. (ORIGINAL) The method of Claim 12 wherein the step of operating the
resource constrained device comprises operating the resource constrained
device according to a finite state machine having at least one state in which the
resource constrained device waits for a message indicating to the resource
constrained device that the resource constrained device may transmit
information to the host.

14. (ORIGINAL) The method of Claim 13 further comprising operating the 
resource constrained device to transition among the states of the finite state 
machine. 

15. (ORIGINAL) The method of Claim 12 further comprising: 

i. operating the host computer or an intermediate device 
connected between the host computer and the resource 
constrained device according to a finite state machine to 
transmit a polling message to the resource constrained device 
checking if the resource constrained device may want to 
transmit information to the host computer. 

16. (currently amended) The method of Claim 15 wherein the host computer or
intermediate device includes a Remote Access Server (RAS) and wherein
the step of operating the host computer or intermediate device
comprises operating the host computer or intermediate device according to a
finite state machine having a Polling state in which the host computer or
intermediate device polls the resource limited device, a Get-from-card state in
which the host computer or intermediate device obtains packets of data from
the resource constrained device, a Putting-to-card state in which the host
computer or intermediate device transmits data to the resource constrained
device, and a Checking RAS state in which the host computer or intermediate
device checks whether RAS has any data to transmit to the resource
constrained device.

17. (ORIGINAL) The method of Claim 16 further comprising operating the host
computer or the intermediate device to transition among the states of the finite
state machine.

18. (ORIGINAL) The method of Claim 1 wherein the resource-constrained device 
is a smart card. 

19. (ORIGINAL) The method of Claim 1 wherein the resource-constrained device 
is a MultiMediaCard (MMC). 

20. - 60 WITHDRAWN 

61. (currently amended) A system providing secure communication between a
resource-constrained device and remote network nodes over a network
wherein the remote network nodes communicate with the resource-constrained
device using un-modified network clients and servers and wherein the
resource-constrained device has a central processing unit, a random access
memory, a non-volatile memory, a read-only memory, and an input and output
component, the system comprising:

i. a physical link connecting the resource-constrained device and a
host computer, the physical link selected from one of several
physical link methods;

logic to assign a network address to the resource-constrained device 
thereby enabling the resource-constrained device to act as a 
standalone network node; 

ii. the resource-constrained device comprising a communications
module implementing networking protocols and one or more
link layer communication protocols, operable to communicate
with the host computer, operable to communicate with remote
network nodes using the networking protocols and operable to
implement network security protocols thereby setting a security
boundary inside the resource-constrained device, wherein the
communication module is driven by input events and by the
applications and wherein the resource-constrained device uses at
least one optimization technique selected from: optimizes
memory usage by sharing data buffers between one or more
communications protocol layers or security protocol layers;

iii. swapping data from the random access memory to the
non-volatile memory;

iv. swapping data from the non-volatile memory to the random
access memory;

v. sharing data buffers between one or more communications
protocol layers or security protocol layers;

vi. the host computer comprising logic implementing one or more
link layer communication networking protocols operable to
communicate with the resource-constrained device and operable
to communicate with the remote network nodes; and

vii. the resource-constrained device further comprising one or more
secure network applications wherein the network applications
call upon the communication module of the resource-
constrained device to communicate with the host computer or
the remote network node using the networking protocols and
network security protocols and wherein the secure network
applications are securely accessible by the host computer or the
remote network nodes using un-modified network clients and
servers.

62. (previously presented) The system of Claim 61 wherein the physical link is 
selected from the set including full-duplex serial connection, half-duplex serial 
connection, USB connection, contactless radio connection.

63. (previously presented) The system of Claim 62 wherein the physical link is a
full-duplex serial connection using the serial peripheral interface protocol.

64. (previously presented) The system of Claim 61 further comprising an interface
device between the resource constrained device and the host computer, the 
interface device using a physical link that is a serial connection having half- 
duplex between the resource constrained device and the interface device and 
full-duplex between the interface device and the host computer. 



65. (previously presented) The system of Claim 64 further wherein the interface
device comprises logic to perform a bridging function between the half-duplex 
connection and the full-duplex connection. 

66. (previously presented) The system of Claim 65 wherein the logic to perform a
bridging function further comprises logic to provide at least one function
selected from:

i. enabling a resource constrained device operating in a 
command/response mode to communicate with network nodes 
as a peer; 

ii. enabling a resource constrained device operating in half- 
duplex communication mode to handle full-duplex 
communication traffic; 

iii. encapsulating upper layer protocol frames; 

iv. enabling transportation of upper layer protocol frames 
exceeding a frame size limit of the lower link layer; and 

v. supporting multiple logical connections of upper layer
protocols.

67. (previously presented) The system of Claim 64 wherein the interface device
further comprises logic to operate the interface device according to a finite 
state machine permitting the interface device to forward messages between the 
resource constrained device and the network wherein the interface device is in 
one of the at least one states permitting the resource constrained device to 
initiate and send messages. 

68. (currently amended) The system of Claim 67 wherein the at least one state 
permitting the resource constrained device to transmit messages to the network 
is selected from a set of states corresponding to the interface device 
transmitting a Send, a Put, and a Poll command, respectively. 

69. (previously presented) The system of Claim 64 wherein the host computer
further comprises logic to operate the host computer according to a finite state 
machine having at least one state permitting the resource constrained device to 
transmit messages to the network wherein the software module is in one of the 
at least one states permitting the resource constrained device to initiate and 
send messages. 

70. (previously presented) The system of Claim 69 wherein the at least one state is 
selected from a set of states corresponding to the interface device transmitting 
a Send, a Put, and a Poll command, respectively. 

71. (previously presented) The system of Claim 69 wherein the resource 
constrained device comprises logic to operate the resource constrained device 
according to a finite state machine having at least one state in which the 
resource constrained device waits for a message from the host computer 
indicating that the resource constrained device may transmit a message. 

72. (previously presented) The system of Claim 64 wherein the resource 
constrained device further comprises logic to operate the resource constrained 
device according to a finite state machine whereby the resource constrained
device uses the response status at the end of the response to the command sent 
by the host computer or an intermediate device to indicate that the resource 
constrained device wants to transmit information to the host computer or to the 
network. 

73. (previously presented) The system of Claim 72 wherein the logic to operate 
the resource constrained device according to a finite state machine further 
comprises logic to operate the resource constrained device according to a 
finite state machine having at least one state in which the resource constrained
device waits for a message indicating to the resource constrained device that
the resource constrained device may transmit information to the host. 

74. (previously presented) The system of Claim 73 wherein the logic to operate the
resource constrained device according to a finite state machine further
comprises logic to operate the resource constrained device to transition
among the states of the finite state machine.

75. (previously presented) The system of Claim 72 further comprising: 

vi. logic in the host computer or an intermediate device connected 
between the host computer and the resource constrained 
device to operate according to a finite state machine to 
transmit a polling message to the resource constrained device 
checking if the resource constrained device may want to 
transmit information to the host computer. 

76. (previously presented) The system of Claim 75 wherein the host computer or
intermediate device includes a Remote Access Server (RAS) and wherein
the logic to operate the host computer or intermediate device
comprises logic to operate the host computer or intermediate device according
to a finite state machine having a Polling state in which the host computer or
intermediate device polls the resource limited device, a Get-from-card state in
which the host computer or intermediate device obtains packets of data from
the resource constrained device, a Putting-to-card state in which the host
computer or intermediate device transmits data to the resource constrained
device, and a Checking RAS state in which the host computer or intermediate
device checks whether RAS has any data to transmit to the resource
constrained device.



77. (NEW) The system of Claim 76 further comprising logic to operate the host 
computer or the intermediate device to transition among the states of the finite 
state machine. 

78. (NEW) The system of Claim 61 wherein the resource-constrained device is a 
smart card. 

79. (NEW) The system of Claim 61 wherein the resource-constrained device is a 
MultiMediaCard (MMC). 






